It is often necessary to export NetFlow traffic to more than one server (production, development, test...). Since Cisco, Juniper and other devices can often export NetFlow data to only two devices, there is a need for tools that replicate NetFlow traffic.
One of these tools is Samplicator. It is a software package for Linux that listens for UDP datagrams on a defined port and sends copies to a set of other IP addresses that we define.
Samplicator works according to the figure below:
How to do it:
```sh
tar -zxf samplicator-x.y.z.tar.gz
cd samplicator-x.y.z
./configure
# build the binary files
make
make install
samplicate
```
In this example, the NetFlow Samplicator server receives traffic from exporter 10.0.0.254 on port 2000, then sends copies to multiple NetFlow servers on port 2055:

```sh
samplicate -S -f -p 2000 10.0.16.13/2055 10.0.17.8/2055 10.0.22.101/2055
```
Options to use:
Option | Description |
---|---|
-p <port> | UDP port to accept flows on (default 2000) |
-s <address> | Interface address to accept flows on (default any) |
-d | Debug level |
-b | Set socket buffer size (default 65536) |
-n | Do not compute UDP checksum (leave at 0) |
-S | Maintain (spoof) source address. |
-x <delay> | Transmission delay in microseconds. |
-c | Specify a config file to read. |
-f | Fork. This option makes samplicate run as a background process. |
Help command:

```sh
samplicate -h
```
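
The replication described above, reduced to a loopback sketch (an added example, not Samplicator's code and not part of the original page): it forwards one constructed NetFlow v5 header to three listeners and shows that a plain UDP relay, like samplicate without `-S`, delivers each copy from the relay's own socket rather than from the exporter. The function names and the sample header values are assumptions made for illustration.

```python
import socket
import struct
import threading

def netflow_v5_header(count=0, sequence=1):
    """Constructed 24-byte NetFlow v5 header (sample data, no flow records)."""
    return struct.pack("!HHIIIIBBH", 5, count, 1000, 1700000000, 0, sequence, 0, 0, 0)

def udp_socket():
    """UDP socket bound to an ephemeral loopback port, with a receive timeout."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))
    s.settimeout(2.0)
    return s

def fan_out(listener, receivers, max_datagrams):
    """Send an unchanged copy of each received datagram to every receiver."""
    out = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        for _ in range(max_datagrams):
            data, _exporter = listener.recvfrom(65535)
            for dest in receivers:
                out.sendto(data, dest)  # sent from this host's socket (no -S)
    finally:
        out.close()

def demo(n_collectors=3):
    """Return (payload_identical, source_is_exporter) for each collector."""
    collectors = [udp_socket() for _ in range(n_collectors)]
    listener, exporter = udp_socket(), udp_socket()
    relay = threading.Thread(
        target=fan_out, args=(listener, [c.getsockname() for c in collectors], 1))
    relay.start()
    packet = netflow_v5_header()
    exporter.sendto(packet, listener.getsockname())
    results = []
    for c in collectors:
        data, src = c.recvfrom(65535)
        results.append((data == packet, src == exporter.getsockname()))
    relay.join()
    for s in collectors + [listener, exporter]:
        s.close()
    return results

if __name__ == "__main__":
    print(demo())
```

Every collector reports an identical payload but a source that is not the exporter, which matters when a collector identifies or filters exporters by source address.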